News Now

CU System

Security giant RSA hit by cyber attack

BEDFORD, Mass. (3/22/11)—RSA, the security division of EMC, has been hit by hackers. In an open letter posted on its website, RSA said it experienced an “extremely sophisticated” attack in which information related to the company’s SecurID two-factor authentication products were stolen. The “tokens” are employed by millions of end users, including credit unions. SecurID adds an extra layer of protection to a login process by requiring users to enter a secret code number displayed on a keyfob, or in software, in addition to their password. The number is cryptographically generated and changes every 30 seconds. In an open letter on the company’s website, RSA Executive Chairman Art Coviello categorized the attack as an “advanced persistent threat” and said a company investigation revealed “certain information being extracted from RSA’s systems.” “While at this time we are confident that the information extracted does not enable a successful direct attack on any of our RSA SecurID customers, this information could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack," Coviello said. Customer and employee security related to other RSA products or personal identifiable information do not appear to have been compromised, Coviello said.